There's a BBC news article today describing plans to introduce mobile, on-the-spot checks of fingerprint biometrics using a hand-held police reader (linked to a national database of 7.5 million biometric records).
Towards the end of the article, there's a helpful graphic describing just how fingerprint recognition works... the fingerprint is analysed for "minutiae"... characteristic features such as the point at which two whorls intersect, or the peak of a particular curve. That data is turned into a set of co-ordinate plots which can be compared against stored values. It all sounds very plausible and relatively straightforward, and the National Policing Improvement Agency describes existing trials as a "stunning success".
Strangely, it's also at odds with what I have repeatedly been told about the way in which the National Identity Scheme will store fingerprint biometrics. I have asked, in the past, why it's necessary for ID cards to hold a facsimile image of the holder's fingerprints (in other words, one which could if necessary be examined by a human and compared with a scan on the spot). I suggested that holding facsimile images on the card is unnecessary and introduces risk.
I have suggested that it's unnecessary because a digest of the data, or a record of the co-ordinate plots of the minutiae, ought to be just as reliable; it introduces risk because it creates the possibility that an attacker could read the facsimile off the card and forge (any or all of) the holder's fingerprints, thus potentially creating a false suggestion that the holder had been present.
The answer I have had is that the cards must store a facsimile, not a digest or derived record, because the process of converting a scanned image into a digest is too likely to introduce differences from one scan to the next.
Frankly, I don't know whether this, or the NPIA's endorsement of their trialled technology, is the truth - but it seems to me that they cannot both be.
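The two positions above can be set side by side in code. The following is an added example, not part of the original post and not a description of how the police readers or the National Identity Scheme work: an exact cryptographic digest of a minutiae record changes with any scan-to-scan variation, while a tolerance-based comparison of the co-ordinate plots does not. The templates, tolerances and threshold are constructed for illustration, and the scans are assumed to be already aligned.

```python
import hashlib
import math

# Constructed sample templates: each minutia is (x, y, ridge angle in degrees).
ENROLLED = [(34, 120, 45), (78, 64, 110), (102, 150, 270),
            (140, 88, 2), (165, 132, 200), (190, 40, 330)]
# Same finger rescanned: small jitter, one minutia missed, one spurious point.
RESCAN = [(36, 118, 48), (77, 66, 105), (104, 151, 274),
          (139, 90, 358), (166, 130, 203), (60, 200, 90)]
# A different finger.
OTHER = [(20, 30, 180), (55, 170, 60), (95, 20, 300),
         (120, 190, 140), (175, 75, 90), (200, 160, 250)]


def exact_digest(template):
    """Cryptographic digest of a template: any jitter changes the result."""
    return hashlib.sha256(repr(sorted(template)).encode()).hexdigest()


def angle_diff(a, b):
    """Smallest difference between two angles, allowing for wrap at 360."""
    d = abs(a - b) % 360
    return min(d, 360 - d)


def match_score(enrolled, probe, dist_tol=8.0, angle_tol=15):
    """Fraction of enrolled minutiae with a distinct probe minutia in tolerance.

    Assumes both scans are already aligned; tolerances are illustrative.
    """
    unused = list(probe)
    matched = 0
    for x, y, a in enrolled:
        for cand in unused:
            close = math.hypot(x - cand[0], y - cand[1]) <= dist_tol
            if close and angle_diff(a, cand[2]) <= angle_tol:
                unused.remove(cand)  # each probe point pairs at most once
                matched += 1
                break
    return matched / len(enrolled)


def same_finger(enrolled, probe, threshold=0.7):
    """Accept when enough minutiae pair up (threshold is an assumed value)."""
    return match_score(enrolled, probe) >= threshold


if __name__ == "__main__":
    print(exact_digest(ENROLLED) == exact_digest(RESCAN))
    print(match_score(ENROLLED, RESCAN), match_score(ENROLLED, OTHER))
```

Whether "digest" in the answer quoted above means a hash of this kind or a derived minutiae record is the distinction on which the apparent contradiction turns.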



I'd personally be more worried about being one of the seven and a half(!) people whose records are on file...
Posted by 71.35.122.185 on October 27, 2008 at 08:24 PM GMT+00:00
Ah. Thanks, indeed, for your excellent proof-reading. Text corrected. It should, of course, read "7.5 meeellion records...".
Yrs.,
Dr. Evil
Posted by Robin Wilton on October 28, 2008 at 10:30 AM GMT+00:00